The invention relates generally to cryptographic communications systems, to security management devices and methods, and methods for identity verification. More particularly, the invention relates to client/server applications, such as smart card applications, wherein there exists a need to provide an authentication mechanism to simultaneously provide identity verification and membership proof for multiple groups.
With the rapid growth of electronic mail systems and electronic commerce, including electronic funds transfer systems and the like, users and service providers are demanding increased security for data transferred over unsecured communication channels such as the Internet and increased security of sensitive data during access and storage. Consequently, cryptographic schemes of various sorts are now often used to ensure the privacy and authenticity of messages when accessing and communicating via the Internet or any other unprotected data access channel or unsecured communication channel.
In conventional cryptographic systems, a method of encryption is utilized to transform a "plain text" message into "cipher" or a "ciphertext" message, which presumably is in an unintelligible form. Thereafter, a method of decryption is utilized for decoding the encrypted message to restore the message to its original intelligible form.
In many popular cryptographic systems, binary coded data is cryptographically protected using an encryption algorithm in conjunction with a "key", e.g., a binary number or series of numbers, for enciphering and deciphering the message or underlying data. This key makes the results of encrypting data using the encryption algorithm unique. Selection of a different key causes the encryption that is produced for a given set of inputs to be different. Unauthorized recipients of the ciphertext, who may know the encryption algorithm but who do not have the key, cannot derive the original data or message.
In such systems, unrecorded plain text information is encrypted into ciphertext and decrypted back into its original form utilizing an algorithm that sequences through enciphering and deciphering operations which depend on the binary key code. For example, the National Bureau of Standards approved a block cipher algorithm in 1977, referred to as the Data Encryption Standard (DES), e.g., Data Encryption Standard FIPS Pub 46, National Bureau of Standards, Jan. 15, 1977.
Often, cryptographic signature and authentication systems utilize a "one-way" hashing function to transform the plain text message into a condensed form that is also unintelligible. A "hashing" function, as generally referred to herein, is a mathematical operation or series of operations that are performed on an aggregation of digital data to create a smaller, more easily processed aggregation of data.
In the cryptographic environment, an important characteristic of the hashing function is its "one-way" property. Ideally, this means that the hashing function should be computationally easy to compute given a set of underlying data, but that it should be computationally infeasible to find underlying data that produce a given hash value. For practical reasons, the value obtained from applying a hashing function to the original message or aggregation of data should also be unique, i.e., a virtual certified message of the original message or data. Consequently, if the original message data is different in any manner, the "hash" of such modified data will also be different.
In a "public key" cryptographic system, the encryption and decryption processes are decoupled in such a manner that the encrypting process key is separate and distinct from the decrypting key. Thus, for each encryption key there is a corresponding decryption key that is not the same as the encryption key. Moreover, given the knowledge of one key, it is usually not feasible to compute the other corresponding key.
In this type of public key system, the encryption keys for all users may be distributed or published and anyone desiring to communicate over an unsecured communication channel simply encrypts a message using the recipient's public key. Only the recipient who retains the corresponding secret decrypting key is able to decipher the received (or intercepted) message. Revealing the encryption key discloses nothing useful about the decrypting key, i.e., only persons having knowledge of the decrypting key can decrypt the message. An example methodology for the practical implementation of such a public key cryptographic system, known as the RSA cryptographic system, is disclosed in U.S. Pat. No. 4,405,829, issued to Rivest et al.
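The following is an added illustration of the two ideas just described (a one-way hash condensing a message, and a public key pair whose encryption and decryption keys differ); it is not code from the patent and does not implement the patent's own multi-purpose scheme. It uses textbook RSA with constructed Mersenne-prime parameters and SHA-256, and the message and key values are made up for the example. The digest is reduced modulo n directly, which is a simplification; deployed RSA signatures use a padding scheme rather than a bare hash.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use
# but large enough that a hash collision modulo n will not occur by accident.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537  # common public exponent


def generate_keys(p=P, q=Q, e=E):
    """Return (public, private) key pairs as (n, exponent) tuples.

    Security rests on factoring n = p*q: the private exponent d is the
    inverse of e modulo (p-1)(q-1), which only someone who knows p and q
    can compute. Knowing (n, e) reveals nothing useful about d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public, m):
    """Anyone holding the published key can encrypt; m must be < n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c):
    """Only the holder of the secret exponent recovers the plaintext."""
    n, d = private
    return pow(c, d, n)


def digest_int(message: bytes, n: int) -> int:
    """One-way condensing step: SHA-256 of the message, reduced mod n.
    Any change to the message yields a different digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Sign the hash with the secret key (toy: no padding scheme)."""
    n, d = private
    return pow(digest_int(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Verify with the public key: recover the digest and compare."""
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)


def demo():
    """Round-trip encryption and a signature check, returned for inspection."""
    public, private = generate_keys()
    plaintext = 123456789                      # constructed sample message
    recovered = decrypt(private, encrypt(public, plaintext))

    msg = b"transfer 100 to account 42"        # constructed sample message
    sig = sign(private, msg)
    return {
        "roundtrip_ok": recovered == plaintext,
        "genuine_verifies": verify(public, msg, sig),
        "tampered_verifies": verify(public, b"transfer 900 to account 42", sig),
    }


if __name__ == "__main__":
    print(demo())
```

The tampered-message check shows why the hash must be one-way and collision-resistant: the signature is over the digest, so an attacker who could find a second message with the same digest could reuse a genuine signature. It also shows the key asymmetry the passage describes: verification needs only the published (n, e).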
A major concern in public key and other cryptographic systems is the need to confirm that the person seeking access to a message is actually the person who is the "owner" of, i.e., is authorized to have access to, this message. This concern gives rise to the need for "identity verification", which can be used to authenticate the person seeking access to the message. In this regard, an identity verification scheme is analogous to an ordinary photo ID but used to verify the identity of a person electronically. Consequently, the identity must be unique and recognizable to everyone. Moreover, in order to be practical, the identity should be easy to validate, impossible to forge, and acceptable as admissible evidence in any court of law.
The general rule is that a public key cryptosystem is based on a hashing function. There are basically two kinds of hashing functions that have been proven secure and have been widely used throughout the past decades or so of scientific scrutiny. One is the factoring of a large integer and the other is a discrete logarithm.
Nevertheless, neither technique has provided sufficient security, including identity verification, to enable different service providers to allow convenient combinations of their services.
According to the principles of the invention, a multi-purpose end-user authentication scheme and mechanism provides cryptographically strong security, including services of strong authentication of a user's membership in a group upon request for use and strong verification of the user's identity. The principles of the invention rely on the use of a combination of three hard problems, in the mathematical sense. That combination makes multi-purpose end-user information secure and extremely easy to manage. More specifically, authentication and verification are based on a plurality of types of cryptographic security including a combination of integer factorization, such as the RSA authenticating technique, a discrete logarithm, and coefficients of a polynomial function.
In one illustrative embodiment, a smart card is adapted to partially include and employ a triply-secure algorithm for data exchange. The algorithm verifies a user's identity and his simultaneous membership in any groups that he has joined. For this purpose, the algorithm requires only a single insertion of the smart card and only a single input of the user's personal identification number. The algorithm can be used in smart cards or in computer networks for identity verification and membership proof.
According to the principles of the invention, the multi-purpose, end-user authentication scheme and mechanism not only brings convenience to the bearers, but also brings the bearers the best security protections for their sensitive information. All these features combine to offer a multi-purpose, end-user authentication scheme and mechanism with very significant advantages over prior techniques and a resultant opportunity for commercial acceptance. For example, a user can carry just one multi-purpose smart card and use just one personal identification number (PIN) card instead of carrying multiple credit, debit, and other membership cards, each requiring separate entry of a PIN. Moreover, the multiple-purpose functions do not have to be from the same service provider.